TechSpot

Partially damaged hard disk clusters

By Phil82
Mar 8, 2012
  1. I need some help please. I recently had a number of error messages and security warnings appear, such as "partially damaged hard disk clusters". This was followed by all desktop items and programs disappearing. Seems to be similar to a lot of other members' issues.

    I have followed the 5 step preliminary removal instructions, please see below for logs.

    MBAM log:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.02.05

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088
    Phil :: PHIL-DELL [administrator]

    02/03/2012 22:26:03
    mbam-log-2012-03-02 (22-26-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 187530
    Time elapsed: 2 hour(s), 4 minute(s), 18 second(s)

    Memory Processes Detected: 2
    C:\ProgramData\rfDlnGbvljmBD.exe (Rogue.FakeHDD) -> 4492 -> Delete on reboot.
    C:\ProgramData\a3NuJTL5j6QspR.exe (Backdoor.Agent.Gen) -> 5152 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rfDlnGbvljmBD.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\rfDlnGbvljmBD.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 4
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\ProgramData\rfDlnGbvljmBD.exe (Rogue.FakeHDD) -> Delete on reboot.
    C:\ProgramData\a3NuJTL5j6QspR.exe (Backdoor.Agent.Gen) -> Delete on reboot.

    (end)

    DDS Log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_20
    Run by Phil at 21:11:25 on 2012-03-03
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\PROGRA~1\McAfee\MSC\mcsvrcnt.exe
    c:\PROGRA~1\mcafee\msc\mcupdui.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Phil\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.independent.co.uk/
    uWindow Title = Internet Explorer Provided By Sky Broadband
    uDefault_Page_URL = hxxp://www.sky.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_Win32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{7C65AF17-0C54-48A2-B59A-65B31039DE52} : DhcpNameServer = 10.72.0.68 10.72.0.69
    TCP: Interfaces\{8274CDEA-7784-417E-AC32-88053B8813C2} : DhcpNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~3\GOEC62~1.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? mferkdk;McAfee Inc. mferkdk
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? AESTFilters;Andrea ST Filters Service
    S? avg8emc;AVG Free8 E-mail Scanner
    S? avg8wd;AVG Free8 WatchDog
    S? AvgLdx86;AVG Free AVI Loader Driver x86
    S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
    S? AvgTdiX;AVG Free8 Network Redirector
    S? DockLoginService;Dock Login Service
    S? IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service
    S? McProxy;McAfee Proxy Service
    S? McShield;McAfee Real-time Scanner
    S? McSysmon;McAfee SystemGuards
    S? mfeavfk;McAfee Inc. mfeavfk
    S? mfebopk;McAfee Inc. mfebopk
    S? mfehidk;McAfee Inc. mfehidk
    S? mfesmfk;McAfee Inc. mfesmfk
    S? pwdiapod;pwdiapod
    S? RapportCerberus_34302;RapportCerberus_34302
    S? RapportEI;RapportEI
    S? RapportKELL;RapportKELL
    S? RapportMgmtService;Rapport Management Service
    .
    =============== Created Last 30 ================
    .
    2012-03-03 20:32:46 100864 ----a-w- C:\pwdiapod.sys
    2012-03-02 22:20:50 -------- d-----w- c:\users\phil\appdata\roaming\Malwarebytes
    2012-03-02 22:19:38 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-02 22:19:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-02 22:19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-01 13:43:11 -------- d-sh--w- C:\found.008
    2012-02-03 14:21:08 -------- d-sh--w- C:\found.007
    .
    ==================== Find3M ====================
    .
    2012-01-25 10:16:44 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    ============= FINISH: 21:35:08.71 ===============

    Attach log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 15/01/2009 19:04:03
    System Uptime: 03/03/2012 19:45:12 (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0U990C
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9
    Adobe Shockwave Player
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 8.5
    Bonjour
    Browser Address Error Redirector
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    Dell-eBay
    Dell Best of Web
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card Utility
    Digital Line Detect
    EDocs
    Football Manager 2005
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IKEA Home Planner
    Intel(R) Matrix Storage Manager
    Internet From BT
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee SecurityCenter
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Works
    Modem Diagnostic Tool
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    OpenOffice.org 3.2
    OutlookAddinSetup
    PartyPoker
    QuickSet
    QuickTime
    Rapport
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Samsung Master
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Sky Broadband
    Sky Broadband Browser Branding
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    .
    ==== End Of File ===========================

    Can
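As an added example (not part of Phil82's post, and not Malwarebytes' own tooling): a small Python parser for the MBAM detection sections above. It pulls out what a responder actually checks after a log like this: which malicious images were running at scan time, which Run-key autostart entries were removed, which registry values the malware flipped (DisableTaskMgr, the hidden Start-menu items), and which files were only scheduled for deletion at reboot and therefore need to be confirmed gone afterwards. The embedded sample lines are copied from the log above; the regexes are this example's own reading of the log layout, not a documented Malwarebytes format.

```python
import re
from dataclasses import dataclass, field

# Detection lines copied from the MBAM log posted above (plus one clean
# section), embedded so the parser runs offline. No new scan data.
SAMPLE_LOG = r"""
Memory Processes Detected: 2
C:\ProgramData\rfDlnGbvljmBD.exe (Rogue.FakeHDD) -> 4492 -> Delete on reboot.
C:\ProgramData\a3NuJTL5j6QspR.exe (Backdoor.Agent.Gen) -> 5152 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rfDlnGbvljmBD.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\rfDlnGbvljmBD.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Files Detected: 2
C:\ProgramData\rfDlnGbvljmBD.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\ProgramData\a3NuJTL5j6QspR.exe (Backdoor.Agent.Gen) -> Delete on reboot.
"""

# Layout assumed from the log above: a "<Section> Detected: N" header, then
# one line per item of the form "<target> (<family>) -> <details...> -> <action>".
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
BADGOOD_RE = re.compile(r"Bad: \((?P<bad>-?\d+)\) Good: \((?P<good>-?\d+)\)")


@dataclass
class Detection:
    section: str   # "Memory Processes", "Registry Values", "Files", ...
    target: str    # file path, or r"HIVE\key|valuename"
    family: str    # MBAM label, e.g. Rogue.FakeHDD
    action: str    # last "->" field, e.g. "Delete on reboot."
    details: list = field(default_factory=list)  # middle fields: pid, "Data: ...", "Bad: (x) Good: (y)"


def parse_mbam_log(text: str):
    """Turn the per-section detection lines of an MBAM log into Detection records.
    Raises if a section header's count disagrees with the lines under it."""
    detections, expected, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            expected[section] = int(m.group("count"))
            continue
        m = ITEM_RE.match(line)
        if m and section is not None:
            parts = [p.strip() for p in m.group("rest").split(" -> ")]
            detections.append(Detection(section, m.group("target"),
                                        m.group("family"), parts[-1], parts[:-1]))
    for name, count in expected.items():
        got = sum(1 for d in detections if d.section == name)
        if got != count:
            raise ValueError(f"{name}: header says {count}, parsed {got}")
    return detections


def running_at_scan(detections):
    """Malicious images that were executing during the scan: path -> pid."""
    return {d.target: int(d.details[0])
            for d in detections if d.section == "Memory Processes"}


def run_key_persistence(detections):
    """Autostart (Run key) values MBAM removed: (value name, launched path)."""
    out = []
    for d in detections:
        if d.section == "Registry Values" and r"\CurrentVersion\Run|" in d.target:
            data = next((p[len("Data: "):] for p in d.details if p.startswith("Data: ")), "")
            out.append((d.target.split("|", 1)[1], data))
    return out


def tampered_settings(detections):
    """Registry data the malware flipped: full target -> (bad value, restored value)."""
    out = {}
    for d in detections:
        if d.section != "Registry Data Items":
            continue
        for p in d.details:
            m = BADGOOD_RE.search(p)
            if m:
                out[d.target] = (int(m.group("bad")), int(m.group("good")))
    return out


def pending_on_reboot(detections):
    """Files MBAM could not delete live; they stay on disk until the reboot happens."""
    return sorted({d.target for d in detections
                   if d.section == "Files" and d.action.startswith("Delete on reboot")})


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    print("running at scan time:", running_at_scan(dets))
    print("autostart entries removed:", run_key_persistence(dets))
    for target, (bad, good) in tampered_settings(dets).items():
        print(f"repaired {target}: {bad} -> {good}")
    print("verify gone after reboot:", pending_on_reboot(dets))
```

To run it over a real file, pass the whole log text to `parse_mbam_log`; the header-count check will complain if a line was mangled by copy-and-paste, which is worth knowing before trusting the summary.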
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    I still need GMER log.
     
  3. Phil82

    Phil82 TS Rookie Topic Starter

    Thanks Broni.

    No GMER log was generated
     
  4. Broni

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download the latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  5. Phil82

    Part way through the aswMBR scan I received an unexpected error. This showed a blue screen for a few seconds before restarting the PC (I did try to make a note of the error message but it was too quick for me).
     
  6. Broni

    Try to run it from safe mode.
     
  7. Phil82

    Running in safe mode worked. Please see below for the log.

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-11 20:15:34
    -----------------------------
    20:15:34.980 OS Version: Windows 6.0.6001 Service Pack 1
    20:15:34.980 Number of processors: 2 586 0xF0D
    20:15:34.980 ComputerName: PHIL-DELL UserName: Phil
    20:15:35.495 Initialize success
    20:15:46.680 AVAST engine defs: 12031001
    20:15:50.986 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    20:15:50.986 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
    20:15:51.001 Disk 0 MBR read successfully
    20:15:51.001 Disk 0 MBR scan
    20:15:51.001 Disk 0 Windows VISTA default MBR code
    20:15:51.017 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 227 MB offset 63
    20:15:51.017 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 466944
    20:15:51.033 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 139597 MB offset 21438464
    20:15:51.064 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 307335168
    20:15:51.095 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 307337216
    20:15:51.126 Disk 0 scanning sectors +312578048
    20:15:51.204 Disk 0 scanning C:\Windows\system32\drivers
    20:16:17.272 Service scanning
    20:16:40.921 Modules scanning
    20:16:44.151 Disk 0 trace - called modules:
    20:16:44.197 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85371fa9]<<
    20:16:44.197 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853549b8]
    20:16:44.229 3 CLASSPNP.SYS[82bc2745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x848f9030]
    20:16:44.229 \Driver\iaStor[0x848eef38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x85371fa9
    20:16:45.243 AVAST engine scan C:\Windows
    20:16:48.363 AVAST engine scan C:\Windows\system32
    20:20:07.138 AVAST engine scan C:\Windows\system32\drivers
    20:20:25.530 AVAST engine scan C:\Users\Phil
    20:33:57.385 File: C:\Users\Phil\AppData\Local\Temp\3265.tmp **INFECTED** Win32:Malware-gen
    20:41:48.287 AVAST engine scan C:\ProgramData
    20:45:54.985 Scan finished successfully
    20:48:25.697 Disk 0 MBR has been saved successfully to "C:\Users\Phil\Desktop\MBR.dat"
    20:48:25.713 The log file has been saved successfully to "C:\Users\Phil\Desktop\aswMBR.txt"


    Bootkit remover log:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 1 (build 6001), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`8e400000

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
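Added example, not from the thread and not from the aswMBR or Bootkit Remover authors: a Python parser for a raw 512-byte MBR image such as the MBR.dat that aswMBR saved to the desktop. It decodes the partition table, checks it for structural oddities (no or several active partitions, overlapping entries, extents past the end of the disk), reports any unallocated sectors after the last partition, and hashes only the 440 boot-code bytes so two dumps of the same disk can be compared. Bootkit Remover's own message says the boot code is "hidden", i.e. what the OS reads back is not what is on the platters; comparing the boot-code hash of MBR.dat against a second dump (for instance the output of `remover.exe dump`) is the manual form of that check. Assumptions that are this example's own: both tools produce raw sector images, the sample image below is constructed to mirror the partition layout in the aswMBR log (the Dell-partition sector count is chosen to reproduce the 227 MB figure, since the log gives only the start offset and size), and its boot code is filler, not real Vista boot code.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439 boot code; 440..445 disk signature + pad
PART_TABLE_OFF = 446       # four 16-byte partition entries
SIGNATURE_OFF = 510        # 0x55 0xAA
DISK_SECTORS = 312578048   # 152627 MB disk from the aswMBR log above


@dataclass
class PartitionEntry:
    index: int       # 1..4, slot in the table
    bootable: bool   # status byte 0x80
    type_id: int     # e.g. 0x07 NTFS, 0x0F extended LBA, 0xDE Dell utility
    start_lba: int
    sectors: int

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.sectors - 1

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(mbr: bytes):
    """Return (boot_code, [PartitionEntry]) from a raw 512-byte MBR image."""
    if len(mbr) != SECTOR:
        raise ValueError("expected a 512-byte sector image")
    (sig,) = struct.unpack_from("<H", mbr, SIGNATURE_OFF)
    if sig != 0xAA55:
        raise ValueError(f"missing 55 AA boot signature (got 0x{sig:04x})")
    entries = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, type_id, start, count = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if type_id == 0:
            continue                      # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"slot {i + 1}: invalid status byte 0x{status:02x}")
        entries.append(PartitionEntry(i + 1, status == 0x80, type_id, start, count))
    return mbr[:BOOT_CODE_LEN], entries


def boot_code_digest(mbr: bytes) -> str:
    """SHA-256 of the boot-code bytes only, so two dumps of one disk can be
    compared without the (legitimately differing) partition table in the way."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def sanity_checks(entries, disk_sectors: int):
    """Structural problems in a partition table; an empty list means none found."""
    problems = []
    active = [e for e in entries if e.bootable]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions, expected exactly 1")
    ordered = sorted(entries, key=lambda e: e.start_lba)
    for e in ordered:
        if e.sectors == 0 or e.end_lba >= disk_sectors:
            problems.append(f"partition {e.index} has an impossible extent")
    for a, b in zip(ordered, ordered[1:]):
        if b.start_lba <= a.end_lba:
            problems.append(f"partitions {a.index} and {b.index} overlap")
    return problems


def unallocated_tail(entries, disk_sectors: int) -> int:
    """Sectors after the last partition: space no filesystem-level tool looks at."""
    if not entries:
        return disk_sectors
    return disk_sectors - 1 - max(e.end_lba for e in entries)


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR mirroring the aswMBR partition listing above.
    Boot code is 0x90 filler (an assumption of this example, not real code)."""
    table = [
        (0x00, 0xDE, 63,        466881),      # Dell Utility, 227 MB
        (0x00, 0x07, 0x72000,   0x1400000),   # NTFS, 10240 MB
        (0x80, 0x07, 0x1472000, 0x110A6FF8),  # NTFS, active, 139597 MB
        (0x00, 0x0F, 307335168, 5242880),     # extended LBA, 2560 MB
    ]
    mbr = bytearray(b"\x90" * BOOT_CODE_LEN) + bytes(6)
    for status, type_id, start, count in table:
        mbr += struct.pack("<B3xB3xII", status, type_id, start, count)
    mbr += b"\x55\xAA"
    return bytes(mbr)


if __name__ == "__main__":
    image = build_sample_mbr()
    code, parts = parse_mbr(image)
    print("boot code sha256:", boot_code_digest(image))
    for p in parts:
        print(f"#{p.index} {'*' if p.bootable else ' '} type=0x{p.type_id:02X} "
              f"start={p.start_lba} sectors={p.sectors} ({p.size_mb} MB)")
    print("problems:", sanity_checks(parts, DISK_SECTORS) or "none")
    print("unallocated tail sectors:", unallocated_tail(parts, DISK_SECTORS))
```

To use it on the real file, read MBR.dat with `open(path, "rb").read()` and pass the bytes to `parse_mbr` and `boot_code_digest`; a differing digest between two dumps of the same disk is the thing to chase, a clean partition table on its own proves nothing about the boot code.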
     
  8. Broni

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. Phil82

    TDSSKiller log

    19:43:12.0874 1376 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
    19:43:14.0887 1376 ============================================================
    19:43:14.0887 1376 Current date / time: 2012/03/12 19:43:14.0887
    19:43:14.0887 1376 SystemInfo:
    19:43:14.0887 1376
    19:43:14.0887 1376 OS Version: 6.0.6001 ServicePack: 1.0
    19:43:14.0887 1376 Product type: Workstation
    19:43:14.0887 1376 ComputerName: PHIL-DELL
    19:43:15.0511 1376 UserName: Phil
    19:43:15.0511 1376 Windows directory: C:\Windows
    19:43:15.0511 1376 System windows directory: C:\Windows
    19:43:15.0511 1376 Processor architecture: Intel x86
    19:43:15.0511 1376 Number of processors: 2
    19:43:15.0511 1376 Page size: 0x1000
    19:43:15.0511 1376 Boot type: Normal boot
    19:43:15.0511 1376 ============================================================
    19:43:30.0377 1376 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    19:43:30.0377 1376 \Device\Harddisk0\DR0:
    19:43:30.0377 1376 MBR used
    19:43:30.0377 1376 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x72000, BlocksNum 0x1400000
    19:43:30.0377 1376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1472000, BlocksNum 0x110A6FF8
    19:43:31.0173 1376 Initialize success
    19:43:31.0173 1376 ============================================================
    19:43:47.0241 4420 ============================================================
    19:43:47.0241 4420 Scan started
    19:43:47.0241 4420 Mode: Manual;
    19:43:47.0241 4420 ============================================================
    19:43:52.0264 4420 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
    19:43:52.0498 4420 ACPI - ok
    19:43:52.0670 4420 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    19:43:53.0419 4420 adp94xx - ok
    19:43:53.0621 4420 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    19:43:54.0230 4420 adpahci - ok
    19:43:54.0433 4420 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    19:43:54.0838 4420 adpu160m - ok
    19:43:55.0119 4420 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    19:43:55.0587 4420 adpu320 - ok
    19:43:55.0805 4420 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
    19:43:56.0523 4420 AFD - ok
    19:43:56.0741 4420 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    19:43:56.0944 4420 agp440 - ok
    19:43:57.0225 4420 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    19:43:57.0865 4420 aic78xx - ok
    19:43:58.0255 4420 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    19:43:58.0691 4420 aliide - ok
    19:43:58.0957 4420 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    19:44:00.0127 4420 amdagp - ok
    19:44:00.0407 4420 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    19:44:00.0953 4420 amdide - ok
    19:44:01.0078 4420 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    19:44:01.0765 4420 AmdK7 - ok
    19:44:01.0983 4420 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    19:44:02.0981 4420 AmdK8 - ok
    19:44:03.0512 4420 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
    19:44:04.0151 4420 ApfiltrService - ok
    19:44:04.0401 4420 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    19:44:05.0930 4420 arc - ok
    19:44:06.0320 4420 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    19:44:07.0568 4420 arcsas - ok
    19:44:07.0880 4420 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    19:44:08.0301 4420 AsyncMac - ok
    19:44:08.0519 4420 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
    19:44:08.0925 4420 atapi - ok
    19:44:09.0299 4420 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\Windows\System32\Drivers\avgldx86.sys
    19:44:10.0313 4420 AvgLdx86 - ok
    19:44:10.0454 4420 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\Windows\System32\Drivers\avgmfx86.sys
    19:44:10.0953 4420 AvgMfx86 - ok
    19:44:11.0093 4420 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\Windows\System32\Drivers\avgtdix.sys
    19:44:12.0123 4420 AvgTdiX - ok
    19:44:12.0310 4420 BCM42RLY (55070d71bbb424a56d5125c61fcc2897) C:\Windows\system32\drivers\BCM42RLY.sys
    19:44:12.0591 4420 BCM42RLY - ok
    19:44:12.0778 4420 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
    19:44:13.0855 4420 BCM43XX - ok
    19:44:13.0995 4420 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    19:44:14.0791 4420 Beep - ok
    19:44:15.0149 4420 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    19:44:15.0680 4420 blbdrive - ok
    19:44:15.0836 4420 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
    19:44:16.0257 4420 bowser - ok
    19:44:16.0553 4420 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    19:44:16.0865 4420 BrFiltLo - ok
    19:44:17.0131 4420 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    19:44:17.0645 4420 BrFiltUp - ok
    19:44:18.0082 4420 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    19:44:18.0347 4420 Brserid - ok
    19:44:18.0488 4420 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    19:44:18.0956 4420 BrSerWdm - ok
    19:44:19.0127 4420 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    19:44:19.0517 4420 BrUsbMdm - ok
    19:44:19.0673 4420 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    19:44:19.0923 4420 BrUsbSer - ok
    19:44:20.0063 4420 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    19:44:20.0469 4420 BTHMODEM - ok
    19:44:20.0641 4420 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    19:44:20.0828 4420 cdfs - ok
    19:44:21.0031 4420 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
    19:44:21.0623 4420 cdrom - ok
    19:44:21.0795 4420 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    19:44:22.0201 4420 circlass - ok
    19:46:57.0452 4420 MBR (0x1B8) (707fbbd3b8c3d4e6c2e4f03d26ce130e) \Device\Harddisk0\DR0
    19:46:57.0717 4420 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
    19:46:57.0717 4420 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
    19:46:57.0779 4420 Boot (0x1200) (aef1ef47c575b279d7d3f6ac7cbd65fd) \Device\Harddisk0\DR0\Partition0
    19:46:58.0076 4420 \Device\Harddisk0\DR0\Partition0 - ok
    19:46:58.0310 4420 Boot (0x1200) (96ab1340cc59805d56c6fa4e73f76431) \Device\Harddisk0\DR0\Partition1
    19:46:58.0341 4420 \Device\Harddisk0\DR0\Partition1 - ok
    19:46:58.0341 4420 ============================================================
    19:46:58.0341 4420 Scan finished
    19:46:58.0341 4420 ============================================================
    19:46:58.0388 4304 Detected object count: 1
    19:46:58.0388 4304 Actual detected object count: 1
    19:47:10.0025 4304 \Device\Harddisk0\DR0\# - copied to quarantine
    19:47:10.0072 4304 \Device\Harddisk0\DR0 - copied to quarantine
    19:47:11.0227 4304 \Device\Harddisk0\DR0 - processing error
    19:47:39.0197 4304 \Device\Harddisk0\DR0 - will be restored on reboot
    19:47:39.0197 4304 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
    19:47:49.0088 4216 Deinitialize success
     
  10. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please re-run TDSSKiller one more time.
     
  11. Phil82

    Phil82 TS Rookie Topic Starter

    Tdsskiller log

    20:06:25.0301 5924 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
    20:06:27.0329 5924 ============================================================
    20:06:27.0329 5924 Current date / time: 2012/03/13 20:06:27.0329
    20:06:27.0329 5924 SystemInfo:
    20:06:27.0329 5924
    20:06:27.0329 5924 OS Version: 6.0.6001 ServicePack: 1.0
    20:06:27.0329 5924 Product type: Workstation
    20:06:27.0329 5924 ComputerName: PHIL-DELL
    20:06:27.0329 5924 UserName: Phil
    20:06:27.0329 5924 Windows directory: C:\Windows
    20:06:27.0329 5924 System windows directory: C:\Windows
    20:06:27.0329 5924 Processor architecture: Intel x86
    20:06:27.0329 5924 Number of processors: 2
    20:06:27.0329 5924 Page size: 0x1000
    20:06:27.0329 5924 Boot type: Normal boot
    20:06:27.0329 5924 ============================================================
    20:06:30.0870 5924 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    20:06:30.0870 5924 \Device\Harddisk0\DR0:
    20:06:30.0870 5924 MBR used
    20:06:30.0870 5924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x72000, BlocksNum 0x1400000
    20:06:30.0870 5924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1472000, BlocksNum 0x110A6FF8
    20:06:31.0806 5924 Initialize success
    20:06:31.0806 5924 ============================================================
    20:06:38.0514 4692 ============================================================
    20:06:38.0514 4692 Scan started
    20:06:38.0514 4692 Mode: Manual;
    20:06:38.0514 4692 ============================================================
    20:07:02.0725 4692 BCM42RLY (55070d71bbb424a56d5125c61fcc2897) C:\Windows\system32\drivers\BCM42RLY.sys
    20:07:03.0162 4692 BCM42RLY - ok
    20:07:04.0395 4692 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
    20:07:04.0878 4692 BCM43XX - ok
    20:07:05.0689 4692 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    20:07:06.0033 4692 Beep - ok
    20:07:07.0452 4692 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    20:07:07.0780 4692 blbdrive - ok
    20:07:08.0107 4692 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
    20:07:08.0622 4692 bowser - ok
    20:07:08.0887 4692 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    20:07:09.0652 4692 BrFiltLo - ok
    20:07:10.0229 4692 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    20:07:12.0538 4692 BrFiltUp - ok
    20:07:12.0959 4692 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    20:07:13.0333 4692 Brserid - ok
    20:07:13.0630 4692 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    20:07:14.0581 4692 BrSerWdm - ok
    20:07:15.0283 4692 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    20:07:15.0439 4692 BrUsbMdm - ok
    20:07:15.0751 4692 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    20:07:16.0157 4692 BrUsbSer - ok
    20:07:16.0531 4692 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    20:07:17.0062 4692 BTHMODEM - ok
    20:07:17.0421 4692 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    20:07:17.0623 4692 cdfs - ok
    20:07:17.0811 4692 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
    20:07:18.0123 4692 cdrom - ok
    20:07:18.0622 4692 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    20:07:18.0809 4692 circlass - ok
    20:07:19.0043 4692 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
    20:07:19.0464 4692 CLFS - ok
    20:07:19.0776 4692 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    20:07:19.0901 4692 CmBatt - ok
    20:07:20.0229 4692 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    20:07:20.0650 4692 cmdide - ok
    20:07:20.0868 4692 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    20:07:21.0009 4692 Compbatt - ok
    20:07:21.0180 4692 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    20:07:21.0383 4692 crcdisk - ok
    20:07:21.0976 4692 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    20:07:22.0678 4692 Crusoe - ok
    20:07:23.0317 4692 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
    20:07:23.0832 4692 DfsC - ok
    20:07:24.0097 4692 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
    20:07:24.0378 4692 disk - ok
    20:07:25.0065 4692 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    20:07:25.0439 4692 drmkaud - ok
    20:07:25.0657 4692 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
    20:07:26.0781 4692 DXGKrnl - ok
    20:07:27.0327 4692 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
    20:07:27.0873 4692 e1express - ok
    20:07:28.0356 4692 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    20:07:28.0684 4692 E1G60 - ok
    20:07:29.0230 4692 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
    20:07:29.0448 4692 Ecache - ok
    20:07:29.0932 4692 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    20:07:30.0587 4692 elxstor - ok
    20:07:31.0117 4692 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    20:07:31.0367 4692 ErrDev - ok
    20:07:31.0913 4692 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
    20:07:32.0303 4692 exfat - ok
    20:07:32.0631 4692 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
    20:07:32.0802 4692 fastfat - ok
    20:07:33.0255 4692 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    20:07:33.0411 4692 fdc - ok
    20:07:33.0738 4692 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    20:07:33.0816 4692 FileInfo - ok
    20:07:34.0113 4692 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    20:07:34.0347 4692 Filetrace - ok
    20:07:35.0813 4692 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    20:07:36.0000 4692 flpydisk - ok
    20:07:36.0515 4692 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
    20:07:36.0609 4692 FltMgr - ok
    20:07:37.0014 4692 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    20:07:37.0201 4692 Fs_Rec - ok
    20:07:37.0529 4692 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    20:07:37.0841 4692 gagp30kx - ok
    20:07:38.0028 4692 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    20:07:38.0247 4692 GEARAspiWDM - ok
    20:07:38.0574 4692 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
    20:07:38.0637 4692 HDAudBus - ok
    20:07:38.0808 4692 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    20:07:39.0198 4692 HidBth - ok
    20:07:39.0370 4692 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    20:07:39.0495 4692 HidIr - ok
    20:07:39.0775 4692 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
    20:07:40.0087 4692 HidUsb - ok
    20:07:40.0462 4692 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    20:07:40.0774 4692 HpCISSs - ok
    20:07:41.0070 4692 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    20:07:42.0755 4692 HSF_DPV - ok
    20:07:44.0502 4692 HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    20:07:45.0407 4692 HSXHWAZL - ok
    20:07:45.0922 4692 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
    20:07:46.0171 4692 HTTP - ok
    20:07:47.0887 4692 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    20:07:49.0713 4692 i2omp - ok
    20:07:49.0947 4692 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    20:07:50.0305 4692 i8042prt - ok
    20:07:50.0633 4692 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
    20:07:50.0758 4692 iaStor - ok
    20:07:51.0070 4692 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    20:07:51.0507 4692 iaStorV - ok
    20:07:54.0112 4692 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
    20:07:54.0627 4692 igfx - ok
    20:07:55.0032 4692 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    20:07:55.0609 4692 iirsp - ok
    20:07:56.0187 4692 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
    20:07:56.0920 4692 IntcHdmiAddService - ok
    20:07:57.0107 4692 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
    20:07:57.0263 4692 intelide - ok
    20:07:57.0435 4692 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    20:07:57.0544 4692 intelppm - ok
    20:07:57.0762 4692 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:07:58.0027 4692 IpFilterDriver - ok
    20:07:58.0293 4692 IpInIp - ok
    20:07:58.0651 4692 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    20:07:59.0041 4692 IPMIDRV - ok
    20:07:59.0229 4692 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    20:07:59.0681 4692 IPNAT - ok
    20:07:59.0977 4692 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    20:08:00.0165 4692 IRENUM - ok
    20:08:00.0461 4692 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    20:08:00.0586 4692 isapnp - ok
    20:08:00.0789 4692 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
    20:08:00.0867 4692 iScsiPrt - ok
    20:08:01.0116 4692 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    20:08:01.0397 4692 iteatapi - ok
    20:08:01.0787 4692 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    20:08:01.0959 4692 iteraid - ok
    20:08:02.0302 4692 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    20:08:02.0629 4692 kbdclass - ok
    20:08:02.0817 4692 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
    20:08:03.0004 4692 kbdhid - ok
    20:08:03.0269 4692 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
    20:08:03.0643 4692 KSecDD - ok
    20:08:03.0924 4692 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    20:08:04.0111 4692 lltdio - ok
    20:08:04.0439 4692 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    20:08:04.0626 4692 LSI_FC - ok
    20:08:04.0798 4692 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    20:08:05.0063 4692 LSI_SAS - ok
    20:08:05.0250 4692 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    20:08:05.0437 4692 LSI_SCSI - ok
    20:08:06.0061 4692 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    20:08:06.0186 4692 luafv - ok
    20:08:06.0561 4692 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    20:08:06.0857 4692 mdmxsdk - ok
    20:08:06.0997 4692 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    20:08:07.0294 4692 megasas - ok
    20:08:07.0481 4692 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    20:08:07.0824 4692 MegaSR - ok
    20:08:08.0011 4692 mfeavfk (c97cbfd71c1c215150a3b3e55f77a7a3) C:\Windows\system32\drivers\mfeavfk.sys
    20:08:08.0277 4692 mfeavfk - ok
    20:08:08.0635 4692 mfebopk (5447338b83a1a2354fb2fea7604387fd) C:\Windows\system32\drivers\mfebopk.sys
    20:08:08.0838 4692 mfebopk - ok
    20:08:09.0493 4692 mfehidk (6c9a6ed60b8fc3baf72fe1b1d096445b) C:\Windows\system32\drivers\mfehidk.sys
    20:08:09.0852 4692 mfehidk - ok
    20:08:10.0102 4692 mferkdk (a551154b51d6a93fccf70fc4e8eaf4bd) C:\Windows\system32\drivers\mferkdk.sys
    20:08:10.0367 4692 mferkdk - ok
    20:08:10.0726 4692 mfesmfk (299a86b780c9627aaa24e74292363ed2) C:\Windows\system32\drivers\mfesmfk.sys
    20:08:11.0272 4692 mfesmfk - ok
    20:08:11.0537 4692 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    20:08:11.0615 4692 Modem - ok
    20:08:11.0833 4692 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    20:08:11.0989 4692 monitor - ok
    20:08:12.0145 4692 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    20:08:12.0457 4692 mouclass - ok
    20:08:12.0676 4692 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    20:08:12.0816 4692 mouhid - ok
    20:08:13.0081 4692 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    20:08:13.0222 4692 MountMgr - ok
    20:08:13.0409 4692 MPFP (96cf5286bc370b558735a7b891232d92) C:\Windows\system32\Drivers\Mpfp.sys
    20:08:13.0690 4692 MPFP - ok
    20:08:13.0877 4692 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    20:08:14.0142 4692 mpio - ok
    20:08:14.0345 4692 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    20:08:14.0470 4692 mpsdrv - ok
    20:08:14.0626 4692 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    20:08:14.0797 4692 Mraid35x - ok
    20:08:14.0953 4692 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
    20:08:15.0234 4692 MRxDAV - ok
    20:08:15.0375 4692 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:08:15.0733 4692 mrxsmb - ok
    20:08:15.0921 4692 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:08:16.0342 4692 mrxsmb10 - ok
    20:08:16.0607 4692 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:08:16.0841 4692 mrxsmb20 - ok
    20:08:17.0013 4692 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
    20:08:17.0278 4692 msahci - ok
    20:08:17.0527 4692 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    20:08:17.0793 4692 msdsm - ok
    20:08:18.0120 4692 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    20:08:18.0307 4692 Msfs - ok
    20:08:18.0557 4692 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    20:08:18.0744 4692 msisadrv - ok
    20:08:19.0119 4692 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    20:08:19.0321 4692 MSKSSRV - ok
    20:08:19.0571 4692 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    20:08:19.0727 4692 MSPCLOCK - ok
    20:08:19.0883 4692 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    20:08:20.0055 4692 MSPQM - ok
    20:08:20.0257 4692 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
    20:08:20.0289 4692 MsRPC - ok
    20:08:20.0554 4692 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    20:08:20.0679 4692 mssmbios - ok
    20:08:20.0928 4692 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    20:08:21.0084 4692 MSTEE - ok
    20:08:21.0381 4692 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
    20:08:21.0443 4692 Mup - ok
    20:08:21.0630 4692 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
    20:08:21.0958 4692 NativeWifiP - ok
    20:08:22.0285 4692 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
    20:08:22.0551 4692 NDIS - ok
    20:08:22.0816 4692 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    20:08:22.0956 4692 NdisTapi - ok
    20:08:23.0159 4692 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    20:08:23.0409 4692 Ndisuio - ok
    20:08:23.0565 4692 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
    20:08:25.0047 4692 NdisWan - ok
    20:08:25.0452 4692 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    20:08:25.0733 4692 NDProxy - ok
    20:08:25.0920 4692 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    20:08:26.0295 4692 NetBIOS - ok
    20:08:26.0435 4692 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
    20:08:26.0763 4692 netbt - ok
    20:08:27.0075 4692 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    20:08:27.0340 4692 nfrd960 - ok
    20:08:27.0699 4692 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    20:08:28.0089 4692 Npfs - ok
    20:08:28.0619 4692 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    20:08:28.0822 4692 nsiproxy - ok
    20:08:29.0025 4692 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
    20:08:29.0758 4692 Ntfs - ok
    20:08:30.0179 4692 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    20:08:30.0413 4692 ntrigdigi - ok
    20:08:30.0600 4692 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    20:08:30.0787 4692 Null - ok
    20:08:30.0975 4692 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    20:08:31.0162 4692 nvraid - ok
    20:08:31.0396 4692 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    20:08:31.0599 4692 nvstor - ok
    20:08:31.0801 4692 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    20:08:31.0926 4692 nv_agp - ok
    20:08:32.0176 4692 NwlnkFlt - ok
    20:08:32.0472 4692 NwlnkFwd - ok
    20:08:32.0659 4692 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
    20:08:32.0831 4692 OEM02Dev - ok
    20:08:33.0034 4692 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
    20:08:33.0377 4692 OEM02Vfx - ok
    20:08:33.0580 4692 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
    20:08:33.0673 4692 ohci1394 - ok
    20:08:34.0095 4692 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    20:08:34.0407 4692 Parport - ok
    20:08:34.0547 4692 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
    20:08:34.0656 4692 partmgr - ok
    20:08:34.0984 4692 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    20:08:35.0124 4692 Parvdm - ok
    20:08:35.0343 4692 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
    20:08:35.0655 4692 pci - ok
    20:08:35.0795 4692 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    20:08:36.0029 4692 pciide - ok
    20:08:36.0310 4692 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    20:08:36.0403 4692 pcmcia - ok
    20:08:36.0606 4692 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    20:08:36.0809 4692 PEAUTH - ok
    20:08:37.0168 4692 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    20:08:37.0293 4692 PptpMiniport - ok
    20:08:37.0449 4692 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    20:08:37.0636 4692 Processor - ok
    20:08:37.0823 4692 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
    20:08:37.0823 4692 PSched - ok
    20:08:37.0932 4692 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
    20:08:38.0197 4692 PxHelp20 - ok
    20:08:38.0400 4692 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    20:08:39.0383 4692 ql2300 - ok
    20:08:41.0068 4692 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    20:08:41.0879 4692 ql40xx - ok
    20:08:42.0519 4692 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    20:08:42.0628 4692 QWAVEdrv - ok
    20:08:43.0174 4692 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
    20:08:44.0001 4692 R300 - ok
    20:08:44.0281 4692 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys
    20:08:44.0921 4692 RapportCerberus_34302 - ok
    20:08:45.0358 4692 RapportEI (34992b59780a8a227a9eb54c97dc4608) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
    20:08:45.0654 4692 RapportEI - ok
    20:08:45.0966 4692 RapportKELL (a231b5552148ade82ed3dfba25919b75) C:\Windows\system32\Drivers\RapportKELL.sys
    20:08:46.0356 4692 RapportKELL - ok
    20:08:46.0543 4692 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    20:08:46.0887 4692 RasAcd - ok
    20:08:47.0323 4692 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:08:47.0667 4692 Rasl2tp - ok
    20:08:48.0010 4692 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
    20:08:48.0384 4692 RasPppoe - ok
    20:08:48.0665 4692 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
    20:08:49.0149 4692 RasSstp - ok
    20:08:49.0383 4692 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
    20:08:51.0442 4692 rdbss - ok
    20:08:52.0347 4692 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:08:52.0659 4692 RDPCDD - ok
    20:08:53.0205 4692 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    20:08:53.0704 4692 rdpdr - ok
    20:08:53.0860 4692 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    20:08:54.0000 4692 RDPENCDD - ok
    20:08:54.0421 4692 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
    20:08:55.0607 4692 RDPWD - ok
    20:08:56.0278 4692 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
    20:08:56.0949 4692 rimmptsk - ok
    20:08:57.0276 4692 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
    20:08:58.0524 4692 rimsptsk - ok
    20:08:58.0633 4692 RimUsb - ok
    20:08:58.0992 4692 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
    20:09:03.0688 4692 RimVSerPort - ok
    20:09:04.0234 4692 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
    20:09:04.0858 4692 rismxdp - ok
    20:09:05.0248 4692 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
    20:09:05.0451 4692 ROOTMODEM - ok
    20:09:05.0903 4692 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    20:09:06.0480 4692 rspndr - ok
    20:09:06.0948 4692 sbp2port (2360d6deb84684850cdf962bb8a021d7) C:\Windows\system32\DRIVERS\sbp2port.sys
    20:09:08.0227 4692 sbp2port - ok
    20:09:08.0539 4692 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    20:09:08.0851 4692 sdbus - ok
    20:09:09.0085 4692 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    20:09:09.0787 4692 secdrv - ok
    20:09:10.0271 4692 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    20:09:10.0536 4692 Serenum - ok
    20:09:11.0129 4692 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    20:09:11.0441 4692 Serial - ok
    20:09:12.0408 4692 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    20:09:14.0296 4692 sermouse - ok
    20:09:14.0623 4692 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    20:09:14.0857 4692 sffdisk - ok
    20:09:15.0138 4692 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    20:09:15.0559 4692 sffp_mmc - ok
    20:09:16.0090 4692 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    20:09:16.0480 4692 sffp_sd - ok
    20:09:16.0683 4692 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    20:09:17.0197 4692 sfloppy - ok
    20:09:17.0697 4692 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    20:09:18.0133 4692 sisagp - ok
    20:09:18.0383 4692 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    20:09:18.0867 4692 SiSRaid2 - ok
    20:09:19.0257 4692 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    20:09:20.0021 4692 SiSRaid4 - ok
    20:09:20.0988 4692 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
    20:09:21.0300 4692 Smb - ok
    20:09:21.0550 4692 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    20:09:21.0737 4692 spldr - ok
    20:09:21.0955 4692 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
    20:09:22.0423 4692 srv - ok
    20:09:22.0642 4692 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
    20:09:23.0656 4692 srv2 - ok
    20:09:24.0015 4692 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
    20:09:28.0195 4692 srvnet - ok
    20:09:29.0303 4692 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
    20:09:30.0021 4692 STHDA - ok
    20:09:30.0270 4692 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    20:09:30.0520 4692 swenum - ok
    20:09:31.0331 4692 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    20:09:31.0674 4692 Symc8xx - ok
    20:09:32.0329 4692 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    20:09:33.0187 4692 Sym_hi - ok
    20:09:33.0905 4692 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    20:09:34.0981 4692 Sym_u3 - ok
    20:09:35.0668 4692 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
    20:09:36.0463 4692 Tcpip - ok
    20:09:36.0869 4692 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
    20:09:36.0869 4692 Tcpip6 - ok
    20:09:37.0165 4692 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
    20:09:37.0337 4692 tcpipreg - ok
    20:09:37.0992 4692 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    20:09:38.0382 4692 TDPIPE - ok
    20:09:38.0616 4692 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    20:09:39.0115 4692 TDTCP - ok
    20:09:39.0318 4692 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
    20:09:40.0036 4692 tdx - ok
    20:09:40.0613 4692 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
    20:09:40.0894 4692 TermDD - ok
    20:09:41.0315 4692 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:09:41.0674 4692 tssecsrv - ok
    20:09:41.0814 4692 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    20:09:42.0157 4692 tunmp - ok
    20:09:42.0376 4692 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
    20:09:42.0719 4692 tunnel - ok
    20:09:43.0093 4692 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    20:09:43.0624 4692 uagp35 - ok
    20:09:44.0263 4692 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
    20:09:46.0728 4692 udfs - ok
    20:09:46.0947 4692 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    20:09:47.0134 4692 uliagpkx - ok
    20:09:47.0664 4692 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    20:09:48.0023 4692 uliahci - ok
    20:09:48.0163 4692 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    20:09:49.0271 4692 UlSata - ok
    20:09:49.0645 4692 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    20:09:50.0691 4692 ulsata2 - ok
    20:09:51.0034 4692 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    20:09:51.0346 4692 umbus - ok
    20:09:51.0705 4692 usbccgp (79a58d49e042e80f1909d8ed0a3c47a8) C:\Windows\system32\DRIVERS\usbccgp.sys
    20:09:52.0157 4692 usbccgp - ok
    20:09:52.0547 4692 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    20:09:53.0405 4692 usbcir - ok
    20:09:53.0920 4692 usbehci (8bd8e10a930235a67a10346d5f5029e2) C:\Windows\system32\DRIVERS\usbehci.sys
    20:09:54.0762 4692 usbehci - ok
    20:09:54.0981 4692 usbhub (5146760ca7ea58e4dd5e2e1d418d7011) C:\Windows\system32\DRIVERS\usbhub.sys
    20:09:55.0807 4692 usbhub - ok
    20:09:56.0088 4692 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    20:09:56.0275 4692 usbohci - ok
    20:09:56.0806 4692 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    20:09:57.0243 4692 usbprint - ok
    20:09:57.0399 4692 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:09:58.0007 4692 USBSTOR - ok
    20:09:58.0210 4692 usbuhci (0d815d51fd8ea5f9cb6b85c122cddbf6) C:\Windows\system32\DRIVERS\usbuhci.sys
    20:09:58.0600 4692 usbuhci - ok
    20:09:59.0286 4692 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    20:09:59.0473 4692 vga - ok
    20:10:00.0269 4692 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    20:10:00.0612 4692 VgaSave - ok
    20:10:00.0955 4692 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    20:10:01.0439 4692 viaagp - ok
    20:10:01.0689 4692 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    20:10:02.0047 4692 ViaC7 - ok
    20:10:02.0703 4692 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    20:10:02.0999 4692 viaide - ok
    20:10:03.0498 4692 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    20:10:03.0966 4692 volmgr - ok
    20:10:04.0777 4692 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
    20:10:05.0199 4692 volmgrx - ok
    20:10:05.0573 4692 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
    20:10:05.0823 4692 volsnap - ok
    20:10:06.0041 4692 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    20:10:06.0915 4692 vsmraid - ok
    20:10:07.0336 4692 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    20:10:07.0773 4692 WacomPen - ok
    20:10:08.0287 4692 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    20:10:08.0709 4692 Wanarp - ok
    20:10:08.0755 4692 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    20:10:08.0755 4692 Wanarpv6 - ok
    20:10:09.0239 4692 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    20:10:09.0832 4692 Wd - ok
    20:10:10.0471 4692 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    20:10:10.0783 4692 Wdf01000 - ok
    20:10:11.0236 4692 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    20:10:12.0250 4692 winachsf - ok
    20:10:14.0325 4692 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    20:10:14.0559 4692 WmiAcpi - ok
    20:10:15.0573 4692 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    20:10:16.0056 4692 ws2ifsl - ok
    20:10:16.0665 4692 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:10:17.0601 4692 WUDFRd - ok
    20:10:18.0209 4692 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    20:10:18.0505 4692 XAudio - ok
    20:10:20.0393 4692 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
    20:10:21.0594 4692 yukonwlh - ok
    20:10:22.0109 4692 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    20:10:23.0981 4692 \Device\Harddisk0\DR0 - ok
    20:10:24.0106 4692 Boot (0x1200) (aef1ef47c575b279d7d3f6ac7cbd65fd) \Device\Harddisk0\DR0\Partition0
    20:10:24.0106 4692 \Device\Harddisk0\DR0\Partition0 - ok
    20:10:24.0137 4692 Boot (0x1200) (96ab1340cc59805d56c6fa4e73f76431) \Device\Harddisk0\DR0\Partition1
    20:10:24.0153 4692 \Device\Harddisk0\DR0\Partition1 - ok
    20:10:24.0153 4692 ============================================================
    20:10:24.0153 4692 Scan finished
    20:10:24.0153 4692 ============================================================
    20:10:24.0964 5744 Detected object count: 0
    20:10:24.0964 5744 Actual detected object count: 0
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. Phil82

    Phil82 TS Rookie Topic Starter

    Combofix log

    ComboFix 12-03-13.01 - Phil 14/03/2012 10:36:22.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1013.216 [GMT 0:00]
    Running from: c:\users\Phil\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\~a3NuJTL5j6QspR
    c:\programdata\~a3NuJTL5j6QspRr
    c:\programdata\a3NuJTL5j6QspR
    c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-14 10:52 . 2012-03-14 10:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-12 19:47 . 2012-03-12 19:47 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2012-03-03 20:32 . 2012-03-03 20:32 100864 ----a-w- C:\pwdiapod.sys
    2012-03-02 22:20 . 2012-03-02 22:20 -------- d-----w- c:\users\Phil\AppData\Roaming\Malwarebytes
    2012-03-02 22:19 . 2012-03-02 22:19 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-02 22:19 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-02 22:19 . 2012-03-02 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-01 13:43 . 2012-03-01 13:43 -------- d-----w- C:\found.008
    2012-02-28 21:58 . 2012-02-28 21:58 -------- d-----w- c:\windows\Sun
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-14 17:47 . 2009-11-24 20:04 119808 ---ha-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-14 30192]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    .
    c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-15 50688]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-01-15 18:41 10536 ---ha-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RAPPORTIASO
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:53]
    .
    2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.independent.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-14 10:53
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\users\Phil\AppData\Local\Temp\catchme.dll 53248 bytes executable
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-03-14 11:06:22
    ComboFix-quarantined-files.txt 2012-03-14 11:06
    .
    Pre-Run: 92,116,795,392 bytes free
    Post-Run: 93,095,223,296 bytes free
    .
    - - End Of File - - 19FCDFDB6EDDD02A748D4708F46AD58B
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    C:\pwdiapod.sys
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
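    The triage the helper just did by hand (spotting C:\pwdiapod.sys, a driver-named file dropped at the root of the system drive, and turning it into a CFScript File:: block) can be automated for a first pass over a ComboFix log. The script below is an added example written for this thread; it is not a ComboFix, Malwarebytes or TechSpot tool. It parses the "Files Created" and "Reg Loading Points" sections, scores each path on where it sits (user-writable drop directories, the root of a drive) and on whether its name looks machine-generated like rfDlnGbvljmBD or a3NuJTL5j6QspR, and renders everything over a threshold as the File:: directive seen in the post above. The sample log is constructed from lines on this page plus one illustrative "Files Created" line for the second executable MBAM reported; the weights and the vowel/case-flip thresholds in looks_random are heuristic assumptions, and the output is a starting list for a human reviewer, not something to feed to ComboFix unread.

```python
"""Triage a ComboFix-style log for the traits of the FakeHDD/backdoor drop in
this thread.  Added example, not a ComboFix, MBAM or TechSpot tool."""
import re
from dataclasses import dataclass

# Constructed sample: lines condensed from the ComboFix log above, plus a
# "Files Created" line for the second executable MBAM reported (its date and
# size are illustrative) and the HKLM Run value MBAM quarantined, which the
# MBAM log gives without a [date size] suffix.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-03 20:32 . 2012-03-03 20:32 100864 ----a-w- C:\pwdiapod.sys
2012-03-02 22:19 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 22:19 . 2012-03-02 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-01 12:00 . 2012-03-01 12:00 311296 ----a-w- C:\ProgramData\a3NuJTL5j6QspR.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"rfDlnGbvljmBD.exe"="C:\ProgramData\rfDlnGbvljmBD.exe"
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.*?)\s*\)+$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
AUTORUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[\d{4}-\d{2}-\d{2}\s+\d+\])?')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
                     r"\s+(?:\d+|-+)\s+(?P<attrs>\S{8})\s+(?P<path>.+)$")
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd"}
DROP_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    origin: str   # "Files Created" or the registry key the value lives under
    path: str
    traits: list
    score: int


def looks_random(stem: str) -> bool:
    """Generated names such as rfDlnGbvljmBD or a3NuJTL5j6QspR: almost no
    vowels, or many case flips.  Thresholds are heuristic assumptions, tuned
    so vendor names on this page (iTunesHelper, RapportKELL, WMPNSCFG) pass."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8 or stem.isupper():
        return False
    vowel_ratio = sum(c.lower() in "aeiouy" for c in letters) / len(letters)
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    has_digit = any(c.isdigit() for c in stem)
    return vowel_ratio < 0.2 or flips >= 5 or (has_digit and flips >= 3)


def path_traits(path: str) -> list[tuple[str, int]]:
    """Weighted traits of one path: where it sits counts more than its name."""
    directory, _, filename = path.replace("/", "\\").rpartition("\\")
    stem, dot, ext = filename.rpartition(".")
    stem, ext = (stem, "." + ext.lower()) if dot else (filename, "")
    lower_dir = directory.lower() + "\\"
    traits = []
    if ext in EXEC_EXT and any(d in lower_dir for d in DROP_DIRS):
        traits.append(("executable in user-writable drop directory", 2))
    if ext in EXEC_EXT and re.fullmatch(r"[a-z]:", directory.lower()):
        traits.append(("executable at the root of a drive", 2))
    if looks_random(stem):
        traits.append(("random-looking name", 1))
    return traits


def triage(log_text: str, threshold: int = 2) -> list[Finding]:
    """Walk the 'Files Created' and 'Reg Loading Points' sections and keep
    every path whose trait weights reach the threshold."""
    findings, section, key = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            title = m.group("title")
            section = ("files" if title.startswith("Files Created")
                       else "autoruns" if "Reg Loading Points" in title else None)
            key = None
            continue
        origin = path = None
        if section == "autoruns":
            k = KEY_RE.match(line)
            if k:
                key = k.group("key")
                continue
            a = AUTORUN_RE.match(line)
            if a and key:
                origin, path = key, a.group("path")
        elif section == "files":
            f = FILE_RE.match(line)
            if f and not f.group("attrs").startswith("d"):   # skip directories
                origin, path = "Files Created", f.group("path")
        if path:
            traits = path_traits(path)
            score = sum(w for _, w in traits)
            if score >= threshold:
                findings.append(Finding(origin, path, [t for t, _ in traits], score))
    return findings


def cfscript(findings: list[Finding]) -> str:
    """Render the flagged paths as the File:: block of a CFScript.txt, the
    same directive the helper used above for C:\\pwdiapod.sys."""
    paths = list(dict.fromkeys(f.path for f in findings))   # dedupe, keep order
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score}  {f.path}  <- {f.origin}: {', '.join(f.traits)}")
    print(cfscript(triage(SAMPLE_LOG)))
```

    Run against the sample, the script flags C:\pwdiapod.sys on location alone (a .sys at the root of C:, exactly what the CFScript above targets) and the two ProgramData executables on location plus name, while RapportKELL.sys, mbam.sys and the vendor Run entries score zero. Only the File:: directive is emitted because it is the one this thread shows; a Run value that points at a flagged file would still need its registry entry handled separately.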
     
  15. Phil82

    Phil82 TS Rookie Topic Starter

    Combofix log

    ComboFix 12-03-13.01 - Phil 15/03/2012 19:55:41.2.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1013.167 [GMT 0:00]
    Running from: c:\users\Phil\Desktop\ComboFix.exe
    Command switches used :: c:\users\Phil\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "C:\pwdiapod.sys"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-15 20:10 . 2012-03-15 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-12 19:47 . 2012-03-12 19:47 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2012-03-03 20:32 . 2012-03-03 20:32 100864 ----a-w- C:\pwdiapod.sys
    2012-03-02 22:20 . 2012-03-02 22:20 -------- d-----w- c:\users\Phil\AppData\Roaming\Malwarebytes
    2012-03-02 22:19 . 2012-03-02 22:19 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-02 22:19 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-02 22:19 . 2012-03-02 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-01 13:43 . 2012-03-01 13:43 -------- d-----w- C:\found.008
    2012-02-28 21:58 . 2012-02-28 21:58 -------- d-----w- c:\windows\Sun
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-14 17:47 . 2009-11-24 20:04 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-14 30192]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    .
    c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-15 50688]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-01-15 18:41 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:53]
    .
    2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.independent.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-15 20:10
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-03-15 20:13:26
    ComboFix-quarantined-files.txt 2012-03-15 20:13
    ComboFix2.txt 2012-03-14 11:06
    .
    Pre-Run: 92,886,900,736 bytes free
    Post-Run: 92,863,492,096 bytes free
    .
    - - End Of File - - 711FCBEC1240422FADC729DB562F8B63
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. Phil82

    Phil82 TS Rookie Topic Starter

    OTL.txt

    Computer is doing well. Desktop items and files have all re-appeared and it seems to be running ok.

    How is my computer looking from your side of things?

    Please see OTL log below:

    OTL logfile created on: 16/03/2012 15:37:49 - Run 1
    OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Phil\Desktop
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1013.31 Mb Total Physical Memory | 242.68 Mb Available Physical Memory | 23.95% Memory free
    2.24 Gb Paging File | 1.03 Gb Available in Paging File | 46.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136.33 Gb Total Space | 87.14 Gb Free Space | 63.92% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.97 Gb Free Space | 39.75% Space Free | Partition Type: NTFS

    Computer Name: PHIL-DELL | User Name: Phil | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/16 15:36:24 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
    PRC - [2012/03/16 05:35:05 | 017,141,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\mpas-fe.exe
    PRC - [2012/03/11 13:48:36 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- c:\07efd545b7be8c70572b6acb1b6b0f9b\MPSigStub.exe
    PRC - [2012/02/17 20:35:00 | 000,529,520 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\Install\{9CAEBF4D-F3F0-4B32-8D13-C4714CD59C36}\GoogleToolbarInstaller_updater_signed.exe
    PRC - [2010/05/20 23:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/05/20 23:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/04 12:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/10/04 12:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/09/23 21:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/05/04 09:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/05/04 09:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/05/04 09:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/05/04 09:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2008/03/04 05:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2008/02/22 16:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/12/21 09:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2007/11/12 11:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/11/12 11:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/03/21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/11 13:50:38 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2011/11/10 16:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/07/09 19:33:36 | 015,880,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\e9894665ca88b954a7960ecbd9b7136b\MenuSkinning.ni.dll
    MOD - [2011/07/09 19:33:08 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\37fcf6436994c36769a13e2f60f5fe6f\VistaBridgeLibrary.ni.dll
    MOD - [2011/07/09 19:33:04 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\18f2261a32e4aa98d770c405554bd8d5\System.Management.ni.dll
    MOD - [2011/07/09 19:33:02 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\91435a256ee9ef041000e6837b66c49d\DellDock.ni.exe
    MOD - [2011/07/09 19:32:59 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\f3ddaf6d419e4cd57ad9da11aa5dceb9\MyDock.Util.ni.dll
    MOD - [2011/07/09 19:32:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dee800943eedfcd6120a7b56f0887fb0\System.Runtime.Remoting.ni.dll
    MOD - [2011/07/09 19:32:44 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\f8694104e62a8182b9fbbae0e5173fcf\System.Web.ni.dll
    MOD - [2011/07/09 19:32:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f183e57f94e56ac92ee99eed8e63943d\System.Configuration.ni.dll
    MOD - [2011/07/09 19:31:45 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bc78764e2649bd53edc5c9884efba391\Accessibility.ni.dll
    MOD - [2011/07/02 08:17:07 | 005,451,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll
    MOD - [2011/07/02 08:13:43 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f4fbd5c3aa0de64cce8f542b447a31a8\System.Windows.Forms.ni.dll
    MOD - [2011/07/02 08:12:48 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d1bb7213f94f2bfa67b0b560785220\System.Drawing.ni.dll
    MOD - [2011/07/02 08:05:43 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
    MOD - [2011/07/02 08:05:09 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
    MOD - [2010/05/04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2008/10/27 09:07:18 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
    SRV - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2009/01/15 18:41:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/10/04 12:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/12 11:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/11/12 11:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Phil\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/03/11 13:50:38 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
    DRV - [2012/03/11 13:50:34 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
    DRV - [2012/03/11 13:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2012/03/11 13:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2008/10/27 09:07:04 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2008/06/23 12:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2008/05/04 09:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/03/06 07:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/03/04 05:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2008/03/04 05:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2008/01/21 02:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2007/11/12 11:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/09/06 16:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/09/06 16:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/09/06 16:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.independent.co.uk/
    IE - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUK_enGB319&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Jv1PGKTkkNEc9j4dVkJG_kcSb3g?q={searchTerms}
    IE - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.9.0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox

    [2009/03/24 18:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions
    [2012/02/02 20:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zotj78j4.default\extensions
    [2011/06/17 19:55:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zotj78j4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/17 19:55:14 | 000,000,000 | ---D | M] (Property Bee) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zotj78j4.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
    [2011/06/17 19:55:15 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zotj78j4.default\extensions\2020Player@2020Technologies.com
    [2012/02/19 16:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/06 19:11:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
    [2010/07/06 19:07:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

    O1 HOSTS File: ([2012/03/14 10:53:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C65AF17-0C54-48A2-B59A-65B31039DE52}: DhcpNameServer = 10.72.0.68 10.72.0.69
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8274CDEA-7784-417E-AC32-88053B8813C2}: DhcpNameServer = 192.168.0.1
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/16 15:30:01 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
    [2012/03/16 15:15:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/15 20:12:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/15 19:49:47 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/03/14 10:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/03/14 10:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Free 8.5
    [2012/03/14 10:32:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/14 10:32:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/14 10:32:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/14 10:31:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/14 10:31:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/14 09:25:52 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Phil\Desktop\AppRemover.exe
    [2012/03/14 09:21:53 | 004,434,769 | R--- | C] (Swearware) -- C:\Users\Phil\Desktop\ComboFix.exe
    [2012/03/12 19:47:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/03/12 19:41:56 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\tdsskiller
    [2012/03/11 21:12:35 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\bootkit_remover
    [2012/03/11 13:48:50 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
    [2012/03/10 20:06:34 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Phil\Desktop\aswMBR.exe
    [2012/03/03 21:10:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Phil\Desktop\dds.scr
    [2012/03/03 20:32:46 | 000,100,864 | ---- | C] (GMER) -- C:\pwdiapod.sys
    [2012/03/02 22:20:50 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Malwarebytes
    [2012/03/02 22:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/02 22:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/02 22:19:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/02 22:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/02 22:16:26 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Phil\Desktop\mbam--setup-1.60.1.1000.exe
    [2012/03/02 20:52:37 | 001,310,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Phil\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/03/01 13:43:11 | 000,000,000 | ---D | C] -- C:\found.008
    [2012/02/28 21:58:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/16 15:41:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/16 15:36:24 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
    [2012/03/16 15:33:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/16 15:15:56 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/16 15:15:55 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/16 15:15:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/16 15:15:38 | 1063,301,120 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/14 11:33:57 | 000,001,356 | ---- | M] () -- C:\Users\Phil\AppData\Local\d3d9caps.dat
    [2012/03/14 10:53:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/03/14 09:25:48 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Phil\Desktop\AppRemover.exe
    [2012/03/14 09:21:47 | 004,434,769 | R--- | M] (Swearware) -- C:\Users\Phil\Desktop\ComboFix.exe
    [2012/03/12 19:40:47 | 002,044,822 | ---- | M] () -- C:\Users\Phil\Desktop\tdsskiller.zip
    [2012/03/11 21:11:25 | 000,044,607 | ---- | M] () -- C:\Users\Phil\Desktop\bootkit_remover.zip
    [2012/03/11 20:48:25 | 000,000,512 | ---- | M] () -- C:\Users\Phil\Desktop\MBR.dat
    [2012/03/11 13:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
    [2012/03/10 21:22:48 | 196,794,782 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/03/10 20:06:07 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Phil\Desktop\aswMBR.exe
    [2012/03/03 21:05:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Phil\Desktop\dds.scr
    [2012/03/03 20:32:46 | 000,100,864 | ---- | M] (GMER) -- C:\pwdiapod.sys
    [2012/03/03 20:06:26 | 000,302,592 | ---- | M] () -- C:\Users\Phil\Desktop\qo41bent.exe
    [2012/03/02 22:19:52 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/02 22:16:09 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Phil\Desktop\mbam--setup-1.60.1.1000.exe
    [2012/03/02 20:51:59 | 001,310,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Phil\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/03/01 13:49:55 | 000,000,631 | ---- | M] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/02/28 22:03:02 | 000,000,607 | ---- | M] () -- C:\Users\Phil\Desktop\System Check.lnk
    [2012/02/24 16:00:57 | 000,012,503 | ---- | M] () -- C:\Users\Phil\Documents\Monthly Spend 2012.ods
    [2012/02/19 20:09:08 | 000,296,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/18 21:29:23 | 000,011,844 | ---- | M] () -- C:\Users\Phil\Documents\Kitchen.ods
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/14 10:45:10 | 000,001,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
    [2012/03/14 10:45:10 | 000,001,748 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    [2012/03/14 10:45:01 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
    [2012/03/14 10:45:01 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
    [2012/03/14 10:45:01 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
    [2012/03/14 10:45:01 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    [2012/03/14 10:45:01 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
    [2012/03/14 10:45:00 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
    [2012/03/14 10:45:00 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
    [2012/03/14 10:45:00 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/03/14 10:45:00 | 000,001,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaDirect.lnk
    [2012/03/14 10:45:00 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/03/14 10:45:00 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
    [2012/03/14 10:45:00 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/03/14 10:45:00 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
    [2012/03/14 10:45:00 | 000,001,018 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
    [2012/03/14 10:45:00 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2012/03/14 10:45:00 | 000,000,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
    [2012/03/14 10:45:00 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Master.lnk
    [2012/03/14 10:44:59 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
    [2012/03/14 10:44:59 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/03/14 10:44:59 | 000,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
    [2012/03/14 10:44:59 | 000,001,527 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
    [2012/03/14 10:32:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/14 10:32:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/14 10:32:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/14 10:32:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/14 10:32:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/12 19:41:08 | 002,044,822 | ---- | C] () -- C:\Users\Phil\Desktop\tdsskiller.zip
    [2012/03/11 21:11:49 | 000,044,607 | ---- | C] () -- C:\Users\Phil\Desktop\bootkit_remover.zip
    [2012/03/11 20:49:35 | 1063,301,120 | -HS- | C] () -- C:\hiberfil.sys
    [2012/03/11 20:48:25 | 000,000,512 | ---- | C] () -- C:\Users\Phil\Desktop\MBR.dat
    [2012/03/03 20:08:05 | 000,302,592 | ---- | C] () -- C:\Users\Phil\Desktop\qo41bent.exe
    [2012/03/02 22:19:52 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/01 13:49:55 | 000,000,631 | ---- | C] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/02/28 22:03:02 | 000,000,607 | ---- | C] () -- C:\Users\Phil\Desktop\System Check.lnk
    [2012/02/18 20:58:34 | 000,011,844 | ---- | C] () -- C:\Users\Phil\Documents\Kitchen.ods
    [2011/02/07 11:10:38 | 000,001,356 | ---- | C] () -- C:\Users\Phil\AppData\Local\d3d9caps.dat
    [2010/09/12 13:54:46 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/09/12 13:54:46 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/09/12 13:54:46 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe

    ========== LOP Check ==========

    [2009/05/24 16:02:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Hrsim
    [2010/07/06 19:29:17 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\OpenOffice.org
    [2012/02/19 16:25:48 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Research In Motion
    [2010/07/10 18:13:36 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Sports Interactive
    [2009/03/21 10:29:25 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Template
    [2012/03/15 20:21:44 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/21 02:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2012/03/15 20:13:27 | 000,006,622 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/01/16 02:55:30 | 000,005,048 | R--- | M] () -- C:\dell.sdr
    [2012/03/16 15:15:38 | 1063,301,120 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/16 15:15:37 | 1377,103,872 | -HS- | M] () -- C:\pagefile.sys
    [2012/03/03 20:32:46 | 000,100,864 | ---- | M] (GMER) -- C:\pwdiapod.sys
    [2012/03/12 19:47:49 | 000,076,962 | ---- | M] () -- C:\TDSSKiller.2.7.20.0_12.03.2012_19.43.12_log.txt
    [2012/03/13 20:47:57 | 000,076,022 | ---- | M] () -- C:\TDSSKiller.2.7.20.0_13.03.2012_20.06.25_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 12:35:34 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/21 02:32:37 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 02:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 03:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 03:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 03:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/14 09:25:48 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Phil\Desktop\AppRemover.exe
    [2012/03/10 20:06:07 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Phil\Desktop\aswMBR.exe
    [2012/03/14 09:21:47 | 004,434,769 | R--- | M] (Swearware) -- C:\Users\Phil\Desktop\ComboFix.exe
    [2012/03/02 22:16:09 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Phil\Desktop\mbam--setup-1.60.1.1000.exe
    [2012/03/02 20:51:59 | 001,310,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Phil\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/03/16 15:36:24 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
    [2012/03/03 20:06:26 | 000,302,592 | ---- | M] () -- C:\Users\Phil\Desktop\qo41bent.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/16 15:33:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/16 15:41:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/16 15:15:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/15 20:21:44 | 000,032,626 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/05/24 19:38:29 | 000,000,402 | -HS- | M] () -- C:\Users\Phil\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7FB6A46D

    < End of report >
     
  18. Phil82

    Phil82 TS Rookie Topic Starter

    Extras.txt

    OTL Extras logfile created on: 16/03/2012 15:37:49 - Run 1
    OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Phil\Desktop
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1013.31 Mb Total Physical Memory | 242.68 Mb Available Physical Memory | 23.95% Memory free
    2.24 Gb Paging File | 1.03 Gb Available in Paging File | 46.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136.33 Gb Total Space | 87.14 Gb Free Space | 63.92% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.97 Gb Free Space | 39.75% Space Free | Partition Type: NTFS

    Computer Name: PHIL-DELL | User Name: Phil | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0E37E2FE-C2DB-4412-A979-A3699CA81088}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{1C5A6E72-4E93-42DA-8171-690AE7F27A98}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{1E86DBC1-AA75-44E7-AEFE-652CBAB7C560}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010 demo\fm.exe |
    "{1F14FFE5-4EC0-4171-9D49-F9099F0FBE65}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{2B53C932-75CB-42C8-9C78-6CC17D3C243D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{77CEEE69-B504-4579-8495-322FE38DEBC0}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{7F27CFEC-9F96-4E3F-95FF-B1EFA36A245F}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
    "{818E9DCC-ECE6-49B6-B37C-BFCBEF9F477F}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010 demo\fm.exe |
    "{848389FA-15D1-44A9-91AE-8C0391C8DF0E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{C7AF5DB1-5F59-477E-A81A-803638480C07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DAF0D8EB-83D4-4C6E-9CE6-AA09B46A2380}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
    "{ED9A7F64-9DD6-4741-AAAC-91E760E45145}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
    "{FD09D8DC-EA92-455F-9023-30336B01C352}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
    "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
    "{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
    "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
    "{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EC0AB585-B279-4A77-8BB5-64C403E43EE7}" = Football Manager 2005
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "Google Desktop" = Google Desktop
    "GoToAssist" = GoToAssist 8.0.0.514
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PartyPoker" = PartyPoker
    "Rapport_msi" = Rapport
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good news :)

    You can reinstall AVG at any time now.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Jv1PGKTkkNEc9j4dVkJG_kcSb3g?q={searchTerms}
      O15 - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-3263712317-2706553042-2028928167-1000\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      [2012/03/01 13:49:55 | 000,000,631 | ---- | M] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
      [2012/02/28 22:03:02 | 000,000,607 | ---- | M] () -- C:\Users\Phil\Desktop\System Check.lnk
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7FB6A46D
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  20. Phil82

    Phil82 TS Rookie Topic Starter

    OTL Log

    All processes killed
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-3263712317-2706553042-2028928167-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3263712317-2706553042-2028928167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3263712317-2706553042-2028928167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
    C:\Users\Phil\Desktop\System Check.lnk moved successfully.
    ADS C:\ProgramData\TEMP:7FB6A46D deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Phil
    ->Temp folder emptied: 81286 bytes
    ->Temporary Internet Files folder emptied: 273289208 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 16945298 bytes
    ->Google Chrome cache emptied: 819568 bytes
    ->Flash cache emptied: 36499 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 591211 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 278.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Phil
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Phil
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.37.1 log created on 03172012_132920

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  21. Phil82

    Phil82 TS Rookie Topic Starter

    FSS Log

    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll
    [2008-01-21 02:33] - [2008-01-21 02:33] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

    C:\Windows\system32\Drivers\afd.sys
    [2011-06-17 20:18] - [2011-04-21 13:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2010-08-14 18:56] - [2010-06-16 15:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

    C:\Windows\system32\dnsrslvr.dll
    [2011-04-25 10:38] - [2011-03-02 14:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

    C:\Windows\system32\mpssvc.dll
    [2008-01-21 02:34] - [2008-01-21 02:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

    C:\Windows\system32\bfe.dll
    [2008-01-21 02:33] - [2008-01-21 02:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe
    [2008-01-21 02:33] - [2008-01-21 02:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

    C:\Windows\system32\wscsvc.dll
    [2008-01-21 02:33] - [2008-01-21 02:33] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

    C:\Windows\system32\wbem\WMIsvc.dll
    [2008-01-21 02:34] - [2008-01-21 02:34] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll
    [2008-01-21 02:34] - [2008-01-21 02:34] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

    C:\Windows\system32\es.dll
    [2009-01-16 02:50] - [2009-01-16 02:50] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

    C:\Windows\system32\cryptsvc.dll
    [2008-01-21 02:34] - [2008-01-21 02:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll
    [2009-04-15 17:26] - [2009-03-03 04:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



    **** End of log ****
     
  22. Phil82

    Phil82 TS Rookie Topic Starter

    Security Check Log

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 1 x86 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player ( 10.0.32.18) Flash Player Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````


    No Eset log was generated
     
  23. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Uninstall Java(TM) 6 Update 7

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ====================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including the Service Pack 2 installation!!!)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  24. Phil82

    Phil82 TS Rookie Topic Starter

    OTL log

    Computer is doing really well.

    Thank you for your help, I really appreciate the time you have spent resolving this for me

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Phil
    ->Temp folder emptied: 119516 bytes
    ->Temporary Internet Files folder emptied: 34304695 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 90 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 33.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Phil
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Phil
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.37.1 log created on 03182012_124840

    Files\Folders moved on Reboot...
    C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Phil\AppData\Local\Trusteer\Rapport\user\logs\koan.3048.log moved successfully.
    C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQYMJ5M7\4773[1].htm moved successfully.
    C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQYMJ5M7\partner[1].htm moved successfully.
    C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQYMJ5M7\partner[2].htm moved successfully.
    C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQYMJ5M7\partner[3].htm moved successfully.
    C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GKA6CFIQ\topic178466-2[1].html moved successfully.
    C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...
     
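As an added example (not part of this thread or of OTL itself), a small parser that reads an OTL [EMPTYTEMP] section like the one posted above, totals the bytes cleaned per user and for the system, and checks that the sum agrees with the "Total Files Cleaned" line. The sample log is copied from the post; the line formats the parser relies on are an assumption inferred from that output.

```python
"""Parse an OTL [EMPTYTEMP] section and verify the reported total.

Added example for this thread, not OTL's own code.  The parsing rules
('User:' headers, '->... emptied: N bytes' per-user lines, un-prefixed
system-wide lines, 'Total Files Cleaned = X mb') are inferred from the
log posted above and are an assumption about OTL's format.
"""
import re

# Sample input constructed from the [EMPTYTEMP] section in the post above.
SAMPLE_LOG = """\
[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Phil
->Temp folder emptied: 119516 bytes
->Temporary Internet Files folder emptied: 34304695 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
Windows Temp folder emptied: 90 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 33.00 mb
"""

USER_RE = re.compile(r"^User:\s*(.+?)\s*$")
TOTAL_RE = re.compile(r"^Total Files Cleaned\s*=\s*([\d.]+)\s*mb\s*$")
BYTES_RE = re.compile(r"^(?:->)?(.+?):\s*(\d+)\s*bytes\s*$")


def parse_emptytemp(text):
    """Return ({scope: bytes}, reported_mb).  Lines prefixed '->' belong to
    the current 'User:' block; un-prefixed byte lines count as 'system'."""
    per_scope, user, reported_mb = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)
        if m:
            user = m.group(1)
            per_scope.setdefault(user, 0)
            continue
        m = TOTAL_RE.match(line)
        if m:
            reported_mb = float(m.group(1))
            continue
        m = BYTES_RE.match(line)
        if m:
            scope = user if line.startswith("->") and user else "system"
            per_scope[scope] = per_scope.get(scope, 0) + int(m.group(2))
    return per_scope, reported_mb


def check_total(per_scope, reported_mb):
    """OTL appears to print whole mebibytes with two decimals, so the log is
    consistent if the summed bytes round to the same integer MiB."""
    total_bytes = sum(per_scope.values())
    return total_bytes, round(total_bytes / (1024 * 1024)) == round(reported_mb)
```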
  25. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Way to go!!
    Good luck and stay safe :)